About the Original Author

Recent articles by this author

This article presents a detailed scenario for integrating IBM Connections 3.0.1 with IBM Lotus Quickr 8.5.1 for Domino. It can help you to show user’s Profile from Quickr, publish an Activity attachment to Quickr, and create a community with a Quickr Teamspace.

This article presents a detailed scenario for integrating IBM Connections 3.0.1 with IBM Lotus Quickr 8.5.1 for Domino. It can help you to show user’s Profile from Quickr, publish an Activity attachment to Quickr, and create a community with a Quickr Teamspace.

Background

IBM® Connections is social software for business that lets you access everyone in your professional network, including your colleagues, customers, and partners. It contains several useful applications for collaboration such as Profiles, Communities, Activities, Files, Forums, and Blogs.

IBM Lotus® Quickr® is team collaboration software that helps you access and interact with the people, information, and project materials that you need to get your work done. Lotus Quickr for Domino® (hereafter called Quickr Domino) Team Places, Content Libraries, Team Forums, Wikis, and connectors make it easy to share documents and information among a team.

The following three IBM Connections applications can be integrated with Quickr Domino:

Profiles. The configuration is easy; just change qpconfig.xml.

Activities. The configuration is a bit more complex in that you first must enable SSO, then change the configuration file of Activities, and then add Quickr server to the IBM WebSphere® Application Server (WAS) resources.

Communities. The configuration is complex; you must first enable SSO, then install connector for Quickr, and then configure Connections to support Quickr authenticated feeds.

IBM Connections and Lotus Quickr are both collaboration domain software, each of them has advantages, if we can integrate them together, they may become more powerful. Although they have such ability to do that, it’s difficult for us to find a comprehensive guidance, the information is separated in product documentation. What’s more, during the setup progress we met some difficulties; the experience we summarized in this article can help you to avoid detours. This solution (see figure 1) can guide you step by step in integrating IBM Connections with Quickr Domino.

Select Federated repositories from the Current realm definitions field, and then click the Configure button.

Figure 2. Global security window

4. On the Federated repositories page, add the LDAP server to the Realm name field, for example, ldapserver.cn.ibm.com:389 (see figure 3). Apply and save this setting.

Figure 3. Federated repositories window

5. From the Integrated Solutions Console, select System administration – Nodes (see figure 4). Select the name of the node that you have updated, and then click Full Resynchronize.

Figure 4. Nodes window

6. After changing the realm name of WAS, you must clear all Connections schedulers, which are Connections scheduled tasks saved in a database. Otherwise, the WAS server will not start successfully, displaying the error message, "The realms do not match".

To clear all Connections schedulers, follow these steps:

a) From the DB2 server, start the db2cmd (input "db2cmd" in a command line).
b) Run the command, "db2 -v -td"@" -f clearScheduler.sql," for each Connections component (see figure 5).

Figure 5. Run "db2 -v -td"@" -f clearScheduler.sql"

NOTE:

clearScheduler.sql resides in the folder of each component of the LCWizard installation package; for example, for the Wiki component, it looks like c:\LCWizard\Wizards\connections.sql\wikis\db2\clearScheduler.sql)

For the Homepage component, you can run the command, "db2 -v -tf clearScheduler.sql", because there is no @ in the sql and it's different from others.

For the Profiles component, you can add "CONNECT TO PEOPLEDB;" to the beginning of clearScheduler.sql, and run the command, "db2 -v -tf clearScheduler.sql".

4. In the Federated repositories window, click the Base Entry you have created for the LDAP repository (see figure 7).

Figure 7. Federated repositories window

5. In the O=ibm Base Entry configuration window, make sure the "Distinguished name of a base entry in this repository" is NOT empty; the value should be same as the "Distinguished name of a base entry that....." setting (see figure 8).

If this setting is left empty, the SSO configuration with other servers may fail for authentication reasons. Since the base entry is appended to the distinguished name (dn) of the LDAP user redundantly, for example, one user's dn is "cn=mike chen,o=ibm", if you don't set this field, when this user visits other servers with SSO enabled (such as the Quickr server), the dn may become "cn=mike chen,o=ibm,o=ibm".

3. In the next window (see figure 10), enter your domain name in the Domain name field, ensuring that there is a dot (.) before the domain name, for example, .cn.ibm.com. (You will need to enter this domain name again when configuring the Domino server.)

Figure 10. Enter Domain name

4. In the same window, enable the "Interoperability Mode" and "Web inbound security attribute propagation" options.
5. Restart all your installed features and confirm that you can switch between them without needing to authenticate more than once.
6. Now log in to the WAS Console, and select Security --- Global security.
7. In the Authentication section, under "Authentication mechanisms and expiration", click the LTPA radio button (see figure 11).

Figure 11. Enable LTPA

8. In the LTPA window enter the password used to protect the exported key in the Password and Confirm password fields (see figure 12).
9. Finally, enter the full file name (such as "c:\ltpakey.file") of the key file to be generated in the "Fully qualified key file name" field. Click the Export keys button.

Figure 12. LTPA window

Import LTPA token and set up SSO on the Domino server

1. Copy the LTPA key file from the WAS server to the Quickr server.
2. Open the Server document via the Domino Administrator, and create an SSO Configuration document (see figure 13).

4. Input the path of the LTPA key file, and input the password of this key file.
5. In the Basics tab of the Web SSO Configuration document (see figure 15), make sure the following three settings are correct:

DNS Domain: .cn.ibm.com (It should be the same as Step 2.4 above; note the dot before the domain name.)

Domino Server Names: Quickr Server Name

LDAP Realm: ldapserver\:389 [It should be the same as Step 1.4 above, note the slash (\) before the colon (:)]

Figure 15. Basics tab of Web SSO Configuration doc

6. Save and close the document.
7. Open the Server document via the Domino Administrator, and select the Internet Protocols" --- Domino Web Engine tabs (see figure 16).
8. Select Multiple Servers (SSO) in the Session authentication field, and select the LTPA token document you just created in the Web SSO Configuration field.

Figure 16. Server document

9. Save the document, and restart the Domino server.
10. Create domcfg.nsf based on domcfg5.ntf, and create the mapping file for the Quickr log-in page.

Integrate Activities to work with Quickr Domino

Enable users to publish file attachments to Quickr Domino

Use the wsadmin client to check out the Activities configuration files. Navigate to the "C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin" directory in a command line, and input the command, wsadmin -lang jython -user wasadmin -password passw0rd

Use this command to access the Activities configuration file: execfile("activitiesAdmin.py")

Run the command, print AdminControl.getCell(), to get the cell name, and make a note of it.

Check out the Activities configuration files, using the following command:

ActivitiesConfigService.checkOutConfig("c:/temp", "<cell_name>")

(The second parameter should be the cell name you obtained in the previous step.)

5. Navigate to the directory where you specified to keep the Activities configuration file (e.g., c:\temp), and then open the oa-config.xml file via a text editor.

6. Set the enabled attribute of the element to “true”, and create one element for each Quickr server that you want to support. In the server element, specify the fully qualified domain name of the Quickr server to which you want to allow your users to publish files and include the port number:

Define a list of supported Quickr Domino servers

Select QuickrWhitelistProvider in the Name field, and then click the "Custom properties" link.

Figure 17. QuickrWhitelistProvider window

4. Create one custom property for each Quickr Domino server that you want to enable users to access. To create a custom property, enter these values in the following fields (see figure 18):

Name. Create a property name that begins with the term "allow", such as "allowQuickrServer.cn.ibm.com"

Value. Specify the fully qualified domain name of the Quickr Domino server or its IP address. (Do not specify the protocol, nor any port numbers.)

NOTE: The provider does not convert IP addresses to domain names nor vice versa. If the server is requested using both identifiers, then create two properties: One property that specifies the domain name in the Value field and one that specifies the IP address in the Value field.

Figure 18. Name and Value fields

5. Repeat the previous step for every Lotus Quickr server that you want to add to the list of supported servers.
6. Apply and Save the change.

Restart the Activities application to have the configuration take effect

Quickr server ssl port: 9443 (Do not leave this field blank; if SSL is not configured on Quickr Domino, enter 443 as the SSL port.)

J2C authentication user name: an LDAP user name, for example, "Mike Chen" (The user provided here must have permission to create places on the Quickr Domino server. Note that you must change the Quickr security setting as well, adding this user as Quickr's administrator. See Step 5 below.)

J2C authentication password: the password of the authentication user.

Figure 19. Quickr Server Settings window

4. In the "Install Locations" step (see figure 20), click the "…." button beside the "Lotus Connections install home directory" field to specify the location of the Connections installation home directory, and then click the Validate button. (Note that the "Connector libraries install location" and "Connector configuration install location" fields are automatically populated when you specify the Connections installation home directory.)

a) In the "Who can create new places on this server?" section, if "Anyone who can connect to the server" is selected, then there's no need to add this LDAP user to this section.
b) In the "Who can administer this server" section, add the LDAP user to the list. NOTE: This is important; otherwise, this user may not be able to create places from Communities.

Complete the installation of the Quickr connector

Select System administration --- Nodes, and select All nodes; click the Full Resynchronize button.

Select Servers --- Clusters, deselect the check box beside the cluster containing the nodes that have been updated, and then click Stop.

Select the cluster and click Start.

Define list of supported Quickr servers for Communities (Optional)

This is an optional step for Communities and Quickr integration, this step can provide a list of the supported Lotus Quickr servers to the proxy server to ensure that it honors any requests made for access to one of the supported Lotus Quickr servers.

Select QuickrWhitelistProvider in the Name field, and then click the "Custom properties" link.

Figure 22. QuickrWhitelistProvider window

4. Create one custom property for each Quickr server that you want to enable users to access. To do this, enter these values in the following fields (see figure 23):

Name: Create a property name that begins with the term "allow", such as "allowQuickrServer.cn.ibm.com"
Value: Specify the fully qualified domain name of the Quickr server or its IP address. (Do not specify the protocol nor any port numbers.)

NOTE: The provider does not convert IP addresses to domain names nor vice versa. If the server is requested using both identifiers, then create two properties: One property that specifies the domain name in the Value field, and one that specifies the IP address in the Value field.

Figure 23. Name and Value fields

5. Repeat the previous step for every Quickr server that you want to add to the list of supported servers.
6. Apply and Save the change.

Support Quickr authenticated feeds

By default, the Connections Ajax proxy is configured to allow cookies, headers, or mime types, and all HTTP actions to be exchanged among the Connections applications only. It will not pass cookies and authorization-related headers to or from external servers for feeds. To support Quickr authenticated feeds, follow these steps:

1. Use the wsadmin client to check out the Activities configuration files. Navigate to the "C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin" directory in a command line, and input the command, wsadmin -lang jython -user wasadmin -password passw0rd

2. Use the following command to access the Connections and Communities configuration file:

3. Run the command, print AdminControl.getCell(), to get the cell name, and make a note of it.

4. Check out the proxy configuration file, using the following command (the second parameter should be the cell name you get in the previous step):

LCConfigService.checkOutProxyConfig("c:/temp", "")

5. Navigate to the directory where you specified to keep the configuration file (e.g., c:\temp), and open the proxy-config.tpl file via a text editor.

6. Add the following entry before the default policy, replacing with the host name and port number of your Quickr server. Be sure to insert the custom policy earlier in the code than the default policy, if one exists:

About the authors

Yin, Zhiyong is a Staff Software Engineer based at IBM's China Development Labs in Beijing. He has a deep understanding of Quickr and Connections customization, and has an interest in social software.

Liu, Xiangning is a Staff Software Engineer based at IBM's China Development Labs in Beijing. She is the leader of Quickr L3 test team and specializes in Quickr-related environment setup and configuration.

Lets assume,I have Quickr for Domino 8.5.1 as my live quickr environment and I installed Connections 4.0.

Here I need to map an existing quickr place with my new community..?

Is it possible ?

If so please advice me to achieve.

Thanks

Zhi Yong Yin commented on May 3, 2012

Re: Integrating IBM Connections with IBM Lotus Quickr for Domino

Hi David,

The steps in this article were verified by our real practice, we summarized this article based on our product documentation.

The steps in the section - "Define a list of supported Lotus Quickr servers" are necessary for Activities configuration, but they are optional for Communities configuration. I verified on my environment with no proxy server enabled, when I removed all Lotus Quickr servers from resource environment provider - "QuickrWhiteListProvider", I could create a community with a new Quickr place successfully, but I could NOT publish an attachment from an Activities entry to Quickr.

But I think if you enable the proxy server, the steps in the section of "Define a list of supported Lotus Quickr servers" are necessary for both Activities and Communities configuration.

Mike

David A McCarthy commented on Apr 20, 2012

Re: Integrating IBM Connections with IBM Lotus Quickr for Domino

This is a really great article, thank you. However, I have a question about the "Integrate Activities to work with Quickr Domino" section:

In the Product Documentation part of the Wiki, there is the folloiwng article: